There are allegedly thousands of North Koreans who have successfully disguised themselves as Americans and landed remote work jobs at Fortune 500 businesses and crypto firms. And while their techniques for getting in are sophisticated, catching them apparently just requires asking one kinda crude question: “How fat is Kim Jong Un?”
According to Adam Meyers, the Senior Vice President of Counter Adversary Operations at cybersecurity firm CrowdStrike, asking that question during the interview process stops the North Korean workers in their tracks. While speaking at the RSA Conference earlier this week, Meyers explained that asking a question like that will cause the prospective worker to abort. “They terminate the call instantly, because it’s not worth it to say something negative about that,” he said, according to a report from The Register.
Meyers said there are other giveaways, too, if you know what to look for. “One of the things that we’ve noted is that you’ll have a person in Poland applying with a very complicated name, and then when you get them on Zoom calls, it’s a military age male Asian who can’t pronounce it,” he said.
The “neg” Kim Jong Un approach is not a Meyers original. Earlier this month, Fortune spoke to Harrison Leggio, the founder of a cryptocurrency startup called g8keep, who said his company has been flooded with applications from North Korean citizens posing as prospective IT workers around the globe. To weed them out, he told Fortune he ends interviews by asking candidates, “Say something negative about Kim Jong Un.” Leggio claims other founders he knows are asking the same thing to thwart the infiltration attempts.
Now, is this actually true? Probably some version of it is, right? It just sounds so outlandishly cartoonish. According to Meyers, these infiltration efforts usually involve creating somewhat elaborate backstories and fake social media profiles for a candidate, then utilizing a team of people who work on technical problems during the interview process while one person serves as a front person. And they just throw that all out at the prospect of saying one bad thing about their leader? They aren’t given the go-ahead to pull a Captain America saying “Heil Hydra” type move?
With such a simple technique to stop a potential North Korean phony, you’d think that the success rate would be low for them getting in. And maybe it is, but they are still reportedly funneling millions of dollars back to the North Korean government, according to the FBI. The UN estimated North Korean IT worker scams have generated $250 million to $600 million every year since 2018, with the workers keeping just a sliver of what they earn.
Part of the reason is that once they secure those jobs, they tend to perform well in them. The Register reported that FBI Special Agent Elizabeth Pelker, a panelist at the same RSA Conference event as Meyers, said it’s common for businesses to ask if they really have to fire the employee once they’re discovered to be a North Korean citizen, because they are reliable workers.
Now, just imagine how much they’ll be able to pull in if they’re allowed to say one mean thing about Kim Jong Un.
